Q about being open to an organization's network

Discussion in 'privacy general' started by shmish, Jan 13, 2011.

Thread Status:
Not open for further replies.
  1. shmish

    shmish Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    17
    Location:
    Vancouver
    I work for a large organization which has many satellite buildings and a central IT department. They have a pretty tight IT policy in my eyes. All of the computers have "deep freeze" which means that they are rolled back after every reboot. Nothing can change on the computer. As well, as soon as a private PC (ie someone's personal laptop) plugs into the network, the IT department gets notified.

    I was also told that if the IT department wishes, they can download/extract any data that they want from your laptop if it is plugged into the network backbone. This part seems a bit far fetched to me. Obviously the IT department can track network traffic, but I was quite surprised to hear that they could essentially probe or snoop on their employee's computers. Is this actually possible, as a matter of routine or semi-routine practice? ie without hacking passwords and the like?

    thanks
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Any corporate IT worth their name is able to access the files residing in the computers in their network. All of them
     
  3. katio

    katio Guest

    Search for NAC, or "Network Access Control"
    Usually how this works is that you need a special software, a "client agent" installed on the personal laptop in order to be able to connect to the network at all. This software for example checks that an AV is installed, everything is up-to-date and no blacklisted software is active, further it may give full remote access to the IT department.

    Without such software (and no filesharing, enforced software firewall...) remotely accessing files on private systems is a tad bit more difficult. 0days are pretty expensive and besides that would be illegal too :p
     
  4. shmish

    shmish Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    17
    Location:
    Vancouver
    Is this the case if I don't join the domain (and therefore don't necessarily conform to their security policies) and I have a decent firewall? I understand that anyone can hack/break into a computer given enough time and determination. Or, does the situation change if I use hard drive encryption?
     
  5. katio

    katio Guest

    FDE wouldn't change a thing, if the system is running everything is accessible in plaintext. FS level encryption is more effective, however if they got full access to a computer they can intercept the password...

    The other part of the question I think I already answered but again:
    Plugging in your personal firewalled computer into the corporate network doesn't magically grant the IT dep access. They aren't going to resort to black hat methods.
     
  6. shmish

    shmish Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    17
    Location:
    Vancouver
    Okay, thanks Katio. Got it now.
     
Loading...
Thread Status:
Not open for further replies.